
Critical FOSSBilling SSTI Flaw Enables Information Disclosure and Remote Code Execution
A critical server-side template injection (SSTI) vulnerability in FOSSBilling, tracked as CVE-2026-28496, is already being actively exploited in the wild. The flaw carries a CVSS v4 score of 9.4 and affects all FOSSBilling releases through version 0.7.2; a patch is available in version 0.8.0. The vulnerability, identified as CWE-1336 (Improper Neutralization of Special Elements in […]
The post Critical FOSSBilling SSTI Flaw Enables Information Disclosure and Remote Code Execution appeared first on Cyber Security News.